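Not for beginners
Prerequisites
- You are comfortable with vim, stock V2ray, and NGINX
- You know how to ask good questions
- You have the software and hardware resources mentioned in this post, e.g. a VPS and a domain
Architecture diagram
Of course, you can also stack any number of additional layers on the reverse proxy side…
DEFINE
- V2ray Server
  - Domain: server.com
  - id: 7e6d2332-880e-4814-82ab-587bbb852361
  - path: /path
  - SSL path: /ssl
  - SSL file name: pem.pem, key.key
- Reverse Server
  - Domain: reverse.com
  - path: /path
Note: the NGINX site on the V2ray Server should be configured as default_server. The NGINX configuration on the reverse proxy server is not required to be default_server, but it should not designate any other site as default_server either.
Setting both to default_server is recommended.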
Server side
TLS is provided by NGINX, so there is no need to define it in config.json
Install the required packages
sudo apt install nginx -y or yum install nginx -y
bash <(curl -L -s https://install.direct/go.sh)
vim /etc/v2ray/config.json
```
{
  "inbounds": [
    {
      "port": 23233,
      "listen": "127.0.0.1",
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "7e6d2332-880e-4814-82ab-587bbb852361",
            "alterId": 0
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/path"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}
```
vim /etc/nginx/sites-enabled/default
```
server {
    listen 443 ssl default_server;
    # "ssl on;" removed: redundant with "listen ... ssl" and rejected by nginx 1.25.1+
    ssl_certificate /ssl/pem.pem;
    ssl_certificate_key /ssl/key.key;
    # TLS 1.0/1.1 are deprecated (RFC 8996); add TLSv1.3 if your nginx/OpenSSL build supports it
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    server_name server.com;
    location /path {
        proxy_redirect off;
        # Must match "port" and "listen" of the V2ray inbound
        proxy_pass http://127.0.0.1:23233;
        proxy_http_version 1.1;
        # Forward the WebSocket upgrade handshake
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        # Show real IP in v2ray access.log
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```
service v2ray restart && nginx -t && nginx -s reload
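At this point TLS+WEB+WS is usable. However, a personal connection (a metropolitan area network) is, in every sense, generally not as good as a domestic server's, so let's continue…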
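A consistency check for the two server-side files above, as an added example that is not part of the original post: it confirms that the WebSocket inbound is bound to loopback only, and that the NGINX location path, backend port and Upgrade header match it. The function names and the embedded sample strings are constructed for illustration, and the regex-based NGINX parsing assumes flat location blocks like the ones in this post.

```python
import json
import re

# Constructed samples that mirror the two server-side files in this post.
V2RAY_JSON = """{"inbounds": [{"port": 23233, "listen": "127.0.0.1", "protocol": "vmess",
  "streamSettings": {"network": "ws", "wsSettings": {"path": "/path"}}}]}"""
NGINX_CONF = """
server {
    listen 443 ssl default_server;
    location /path {
        proxy_pass http://127.0.0.1:23233;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
"""
LOOPBACK = ("127.0.0.1", "::1", "localhost")

def proxied_locations(conf):
    """Map location path -> (backend port, block body) for http:// proxy_pass."""
    out = {}
    for path, body in re.findall(r"location\s+(\S+)\s*\{([^}]*)\}", conf):
        m = re.search(r"proxy_pass\s+http://[\w.\-]+:(\d+)", body)
        if m:
            out[path] = (int(m.group(1)), body)
    return out

def check(v2ray_json, nginx_conf):
    """Return findings as strings; an empty list means the two files agree."""
    findings = []
    locations = proxied_locations(nginx_conf)
    for inbound in json.loads(v2ray_json).get("inbounds", []):
        stream = inbound.get("streamSettings", {})
        if stream.get("network") != "ws":
            continue
        port = inbound.get("port")
        path = stream.get("wsSettings", {}).get("path", "/")
        # V2Ray listens on 0.0.0.0 when "listen" is omitted: the non-TLS port is exposed.
        if inbound.get("listen", "0.0.0.0") not in LOOPBACK:
            findings.append(f"inbound {port}: not bound to loopback")
        if path not in locations:
            findings.append(f"inbound {port}: no nginx location for {path}")
            continue
        backend_port, body = locations[path]
        if backend_port != port:
            findings.append(f"{path}: proxy_pass port {backend_port} != {port}")
        if not re.search(r"proxy_set_header\s+Upgrade\s", body):
            findings.append(f"{path}: Upgrade header is not forwarded")
    return findings
```

To use it on a real host, pass the contents of /etc/v2ray/config.json and /etc/nginx/sites-enabled/default to check().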
Reverse proxy server
Of course, you can also put a CDN in front for acceleration
sudo apt install nginx -y or yum install nginx -y
vim /etc/nginx/sites-enabled/default
```
upstream server {
    server server.com:443;
}
# Redirect plain HTTP to HTTPS
server {
    listen 80;
    rewrite ^(.*) https://$host$1 permanent;
}
server {
    listen 443 ssl default_server;
    server_name reverse.com;
    # "ssl on;" removed: redundant with "listen ... ssl" and rejected by nginx 1.25.1+
    ssl_certificate /ssl/pem.pem;
    ssl_certificate_key /ssl/key.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0/1.1 are deprecated (RFC 8996); add TLSv1.3 if your nginx/OpenSSL build supports it
    ssl_protocols TLSv1.2;
    #error_log /var/log/nginx/l_error.log error;
    #access_log /var/log/nginx/l_accss.log;
    # WebSocket path; was /china, changed to the path given in DEFINE so it matches the V2ray Server
    location /path {
        proxy_redirect off;
        proxy_pass https://server;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    # Everything else is passed through to the upstream web site
    location / {
        proxy_pass https://server;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Encoding '';
        proxy_buffering off;
    }
}
```
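Client
If a reverse proxy is set up, the server address should be changed to the reverse proxy server's address, so the address in outbounds should be changed to reverse.com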
1 | { |
¿¿¿¿¿¿
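Can't connect? Check whether port 443 is open on the server. Firewall? Cloud firewall? Has the server been blocked?
Look at the NGINX and V2RAY logs. Can't understand them? Oh.
Has the domestic server been blocked? Check whether the domain has been registered (ICP filing).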
… …
¿¿¿